Is Sharing Really Caring? Not If It’s Your Password

How to Protect Software IP?
Software IP Protection – How to Protect Software Intellectual Property?
18th February 2021
license management solution
Software Activation – The Good, The Bad and the Modern
12th May 2021
Show all

Is Sharing Really Caring? Not If It’s Your Password

Password sharing - don't do it!
 

It’s all over the news at the moment: Media giant Netflix wants us to stop sharing our passwords with people that do not live in the same household. The world's most beloved streaming service reported revenues of 24,996 Million in 2020, so is this intended crack-down on illicit use just mean-spirited?

Password sharing may seem harmless enough, but it actually puts not just your business, but also your employees and customers at risk. Find out why and, more importantly, what you as a software company can do to prevent it.

What is password sharing?

Password sharing involves multiple privileged parties sharing a single set of log-in details for an account. These may be people within the same household, employees of the same company, third parties such as contractors, or even sub-contractors.

Is password sharing illegal? 

That mostly depends on where you live. In the U.S., according to the Computer Fraud and Abuse Act, sharing passwords is illegal. The CFAA prohibits intentionally accessing a computer without, or in excess of, authorisation. In the UK on the other hand, letting someone else use your digital credentials, is not currently in breach of any Act, including the Data Protection Act.

Is password sharing recommended?

No. However, from a business perspective, any information that an employee has on a company computer, (including passwords), are the property of the business not the employee. Therefore businesses currently can (and do) make it a company policy for users to share passwords to licenced software applications - despite the potentially devastating risks associated with doing so.

Copyright and piracy issues with password sharing

For companies that are serious about their intellectual property rights unauthorised software access represents a big challenge. Password sharing grants someone access to applications that they may or may not have paid for. Lost revenues aside for a moment, it’s not knowing who that ‘someone’ is, that presents one of the biggest problems.

Software piracy is a grey area. Legally, (unless you are actually robbing a ship at sea), there is no such thing as ‘Piracy Law’. Intellectual property, which includes computer software, is legally protected by copyright law. However, even though it may have been password sharing that granted someone access to an application, ultimately it does not cause copying and therefore password sharing is not copyright infringement.  

It’s not unusual for the terms of a software license to explicitly permit users to make a copy of a program for back-up purposes. However, copyright law forbids users from giving a copy of a software programme to a friend or colleague. Copyright law can be difficult to enforce, especially if, thanks to password sharing, you do not know exactly who is accessing your applications. Even if only two users access a programme with the same log-in details, and one rogue actor creates an illegal copy of the software, how will you identify the rogue?

 
 
 
 

Netflix to stop password sharing

As of the last quarter of 2020 Netflix had 203.67 million subscribers. Business and growth strategy company ‘Magid’ has estimated that about 35% of those users share their password with at least one other person. If password sharing wasn’t expected by Netflix it wouldn’t be possible to create separate profiles within the same user account. However, according to its terms of use, what the media streaming service isn’t okay with you doing, is sharing your account with someone outside your household.

Why is password sharing bad for software companies?

Lost revenue is one of the most obvious problems. Even if just 5% of the 203.67 million Netflix subscribers mentioned above share their account details illegitimately, based on the cheapest Netflix plan, this equates to around £70 Million in lost revenue - per month! And we’re willing to wager that more than 5% of Netflix users should currently be sitting on the naughty step.

Diluting revenues through illicit access means that there is less money available to pay developers or artists. Unauthorised access eats away at your bottom line and eventually standards will start to slip and creativity may be lost.

The doorway to a data breach

A less obvious, but potentially more serious issue with password sharing is that the security risks are simply too great. The more often passwords are shared, the more likely it is that the proverbial chickens will come home to roost.

Businesses will often try to save money by sharing login details for user-limited accounts, with some even designating a separate computer as a ‘tools’ computer, which everyone in an office can use. However there are much better ways to manage concurrent usage than by sharing passwords.

Even seemingly minor systems that hold relatively few functions or limited data are still vitally important from a cyber security perspective. They can be the doorway that leads to much more critical business systems or sensitive client and employee data. System breaches not only cost a fortune to investigate and recover from, they can also cost millions in regulatory fines. Just ask Equifax, who agreed to pay $575 million following their data breach in 2017. Stolen customer databases are big business on the Dark Web!

Secure passwords are hard to remember and most people struggle to remember one, let alone 2 or 3. Without us even going into sophisticated technology like eavesdropping devices or key-logging malware, passwords can easily be overheard. How often have you seen a password scribbled on a post it note and stuck to the side of a monitor? Multiple systems can be compromised through that one, seemingly unimportant log-in.

 
 
 
 

How 10Duke can help

10Duke are identity and access management experts. We can provide you with a combination of powerful tools that help you ensure that the right people have access to the right things at the right time, without compromising the end-user experience. 10Duke also has the right solution for every organisation and can help you eliminate password sharing through:

1. Identity-based access

When each user is given their own, unique login that’s based on their own, unique identity, it is access to software that is shared - not passwords. Identity-based licensing is the most modern way of licensing your products and managing your customer information, whilst making your product easy to access for your customers. Click here to learn more.

2. Floating licensing

No matter how many people require access to a product, floating software licenses mean that every user can be provided with a separate, unique account login, without ever accidentally over-using entitlements. The number of simultaneous logins can be restricted, meaning that it’s not possible for a rogue user and a legitimate user to access a network at the same time. If a user does decide to share their password, they will block their own access to a network.

3. Granular control over access management

Not every client or employee needs privileged access to every licenced application within a business. People move on or up, and when that happens instead of changing or resetting passwords, you can simply remove or modify their entitlements accordingly.

Access can also be restricted to certain hours, tied to a MAC address, limited to certain locations, or tied to an IP address. Enabling admins to only grant access to shared licenses when and where they are needed, reduces opportunities for unnecessary account access. History logs also provide admins with oversight on which accounts are being shared and who has access to them. Access rights can also immediately be revoked in the event that you think a password may have become compromised.

4. Multi-Factor Authentication

Multi-factor authentication is an additional layer of security that makes it impossible for a rogue user to use valid credentials and also defends against password cracking software. Every time a user logs in, a second form of authentication is required, which is usually delivered by text or through an app, but can also be delivered in other ways. Learn more about MFA here.

5. Single Sign-on

Passwords are one of the main focuses of cyber criminals and every time a user enters a password it presents an opportunity for an account to be hacked. When single sign-on is implemented as part of an identity and access management solution it creates a robust cyber security strategy that limits the attack surface. Single sign-on can even help with compliance regulations by enabling automatic log-off and faster deprovisioning of users.

Conclusion

Password sharing is a false economy that creates a gaping cyber security hole that bad actors are just itching to slip through, an intrusion which, depending on the industry, can take between 98 and 197 days for a company to detect.

With identity-based licensing, legitimate software use can easily be shared amongst a large group of users without clients having to pay for more licenses than they need, or compromising security via password sharing.

By implementing a cost-effective, identity-based access management solution and combining it with powerful tools like multi-factor authentication and single sign-on, you can ensure that access to shared software accounts is only granted to the people that need it.

10Duke identity and access management solutions come with a range of advanced additional features to help you secure your company’s most valuable assets, covering everything from enforced password hygiene to secure storage for your data.

 
 
 
20th August 2021
10Duke 101 - Understanding 10Duke Licensing

10Duke 101 – Understanding the Basics of 10Duke Licensing

A brief introduction to 10Duke’s Licensing Solution. We will go through its main concepts and how to integrate with 10Duke, including delegation of authentication, product configuration […]
9th June 2021
10Duke Digital Rights Management

Digital Rights Management vs. Software Licensing – What’s the difference?

Digital Rights Management and Software Licensing both deal with protecting copyrighted materials. Learn the difference and more.
12th May 2021
license management solution

Software Activation – The Good, The Bad and the Modern

Software Activation is a technology that verifies a software product has been legitimately licensed for use. Learn how to do it effectively.
18th February 2021
How to Protect Software IP?

Software IP Protection – How to Protect Software Intellectual Property?

Software IP protection strategy is not just about limiting access. Best IP protection also aims to enhance customer experience.
25th January 2021
Stop selling perpetual licenses to your customers

Why You Should Stop Selling Perpetual Licenses to Your Product

It’s no longer financially viable for software vendors to offer a ‘one size fits all’ perpetual software license model.
18th January 2021
License servers ticking time bomb for software business

License Servers – A Ticking Time Bomb For Your Software Business?

License server is an outdated legacy solution that is blocking software companies from scaling up. Learn why and how to overcome this licensing problem.
18th November 2020
Working with 10Duke

Working with 10Duke

Working with 10Duke normally follows a 4 stage process, which we will go through in this blog post.
27th August 2020
Subscription model shouldn't be forced on all products.

When a Subscription Model Doesn’t Fit… Alternatives to the Subscription Model

The subscription model is the main license model supported by most payment providers. But not all products can be forced into a subscription model.
18th August 2020
Software Licensing Provider

What Your Software Licensing Provider Isn’t Telling You

All software licensing providers say they’re good. But are they, really? Find out as we examine the pain licensing providers may be causing to your company.

Password sharing may seem harmless, but it actually puts your business, employees and customers at risk. Find out why what you can do to prevent it.

Schedule a Demo